{#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#}
{% macro replace_jaas_placeholder(name) -%}
{% if name.find('_JAAS_PLACEHOLDER') > -1 -%}
    {%- if security_enabled -%}
        {{ name.replace('_JAAS_PLACEHOLDER', '-Djava.security.auth.login.config=' +conf_dir + '/storm_jaas.conf') }}
    {%- else -%}
        {{ name.replace('_JAAS_PLACEHOLDER', '') }}
    {%- endif -%}
{%- else -%}
    {{name}}
{%- endif -%}
{%- endmacro %}

{% for key, value in configurations|dictsort if not key.startswith('_') %}
{{key}} : {{ escape_yaml_propetry(replace_jaas_placeholder(value)) }}
{% endfor %}

{% if stack_is_hdp22_or_further %}
storm.thrift.transport : "{% if security_enabled %}{{configurations['_storm.thrift.secure.transport']}}{% else %}{{configurations['_storm.thrift.nonsecure.transport']}}{% endif %}"  
{% endif %}

{% if security_enabled and stack_is_hdp22_or_further %}
#
# Kerberos security section. For the reference please use: https://github.com/hortonworks/storm/blob/champlain/SECURITY.md for details
#

storm.principal.tolocal: "backtype.storm.security.auth.KerberosPrincipalToLocal"
storm.zookeeper.superACL: "sasl:{{storm_bare_jaas_principal}}"
java.security.auth.login.config: "{{conf_dir}}/storm_jaas.conf"
nimbus.admins:
  - "{{storm_user}}"
nimbus.supervisor.users:
  - "{{storm_user}}"
nimbus.authorizer: "backtype.storm.security.auth.authorizer.SimpleACLAuthorizer"
drpc.authorizer: "backtype.storm.security.auth.authorizer.DRPCSimpleACLAuthorizer"

ui.filter: "org.apache.hadoop.security.authentication.server.AuthenticationFilter"
ui.filter.params:
  "type": "kerberos"
  "kerberos.principal": "{{storm_ui_jaas_principal}}"
  "kerberos.keytab": "{{storm_ui_keytab_path}}"
  "kerberos.name.rules": "DEFAULT"
supervisor.enable: true
{% endif %}